Closed Bug 888942 Opened 12 years ago Closed 8 years ago

http://www.antennethueringen.de does not work properly because of mixed content blocking

Categories

(Web Compatibility :: Site Reports, defect, P5)

Product:
Web Compatibility
Component:
Site Reports
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: yoshi.yokotani, Assigned: sjw+bugzilla)

References

(
URL
)

Details

(Whiteboard: [country-de] [http] [contactready])

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0 (Beta/Release) Build ID: 20130620122109 Steps to reproduce: 1. go to http://www.antennethueringen.de 2. change http to https in the url bar 3. open the web console only security issue tab active Actual results: [16:24:28.934] Blocked loading mixed active content "http://api.brightcove.com/services/library?command=find_playlist_by_id&playlist_id=30050934001&token=kiEtQ0UVohjVX2wvphAbRdwwea9hsSSKJlD-ScytPHZLEe_s-Ueb0A..&playlist_fields=id,name,videos&video_fields=id,name,thumbnailURL,length,publishedDate&callback=bc_id[0].autoReturn" @ https://www.antennethueringen.de/at_www/bcw_homepage/bcw_homepage.js:123 [16:24:28.984] Blocked loading mixed active content "http://ad.de.doubleclick.net/adj/rmsi.antennethueringen.de/homepage;rmsi=homepage;nielsen=7;;sz=300x250;tile=3;ord=7998976563?" @ https://www.antennethueringen.de/at_www/index.php:1040 [16:24:28.998] Blocked loading mixed active content "http://rmsi.nuggad.net/rc?nuggn=498868272&nuggtg=homepage" @ https://www.antennethueringen.de/at_www/js/omsv_rmsi.js:7 [16:24:28.998] Blocked loading mixed active content "http://req.connect.wunderloop.net/AP/1626/6628/13015/js?cus=13015,13016,13029,13027,13030,13032,13028,13031,13019,13020,13021,13023,13024,13025,13017,13018&ord=1372688668998" @ https://www.antennethueringen.de/at_www/js/omsv_rmsi.js:14 [16:24:28.998] Blocked loading mixed active content "http://js.revsci.net/gateway/gw.js?csid=F12349&auto=t&oms_zone=homepage" @ https://www.antennethueringen.de/at_www/js/omsv_rmsi.js:40 [16:24:28.999] Blocked loading mixed active content "http://ad.de.doubleclick.net/adj/rmsi.antennethueringen.de/homepage;rmsi=homepage;nielsen=7;dcopt=ist;;sz=728x90;tile=1;ord=7998976563?" @ https://www.antennethueringen.de/at_www/index.php:1246 [16:24:28.999] Blocked loading mixed active content "http://ad.de.doubleclick.net/adj/rmsi.antennethueringen.de/homepage;rmsi=homepage;nielsen=7;;sz=120x600;tile=2;ord=7998976563?" @ https://www.antennethueringen.de/at_www/index.php:1257 [16:24:31.074] Blocked loading mixed active content "http://www.antennethueringen.de/at_www/flash/onair.swf" @ https://www.antennethueringen.de/at_www/js/swfobject.js:4 [16:24:31.079] Blocked loading mixed active content "http://www.antennethueringen.de/dparegio/regio-thueringen/fertig.txt" @ https://www.antennethueringen.de/at_www/js/jquery.tools.min.js:147
URL: http://www.antennethueringen.de
OS: All → Linux
Hardware: All → x86
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Hardware: x86 → All
Assignee: german → sjw
Status: NEW → ASSIGNED
Blocks: 844556
Component: German → Desktop
Whiteboard: [country-de] [http] [contactready]
I contacted them, but I got no response.
Well, this is one way to deal with it.. GET https://www.antennethueringen.de/ HTTP/1.1 Host: www.antennethueringen.de User-Agent: Mozilla/5.0 (Mobile; rv:18.1) Gecko/18.1 Firefox/18.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive HTTP/1.1 302 Found Date: Fri, 10 Oct 2014 18:27:30 GMT Server: Apache Status: 301 Moved Permanently Location: http://www.antennethueringen.de/at_www/index.php Content-Length: 2 Keep-Alive: timeout=5, max=150 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
(In reply to Hallvord R. M. Steen from comment #2) > Well, this is one way to deal with it.. They did it really bad...
URL: https://www.antennethueringen.dehttps://www.antennethueringen.de/at_w...
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
IMHO it's a reasonable choice (although depending on what type of site it is, of course - it would not be appropriate for a bank/cloud storage/webmail etc, so it depends on whether it has user accounts, how valuable it is to hack these accounts etc.) Funnily, today it's back to not redirecting to http: - so we still have the same problems with blocked content. Additionally, they try loading this script: https://www.radiokombithueringen.de/openx/www/delivery/ajs.php?zoneid=5&target=_blank&cb=22875221858&charset=UTF-8&loc=https%3A//www.antennethueringen.de/at_www/index.php&referer=https%3A//bugzilla.mozilla.org/show_bug.cgi%3Fid%3D888942 which has a domain name mismatch error for the certificate.
Group: mozilla-employee-confidential
Status: REOPENED → NEW
Why is this bug not public anymore? > "Group: mozilla-employee-confidential"(In reply to Hallvord R. M. Steen from comment #4)
Unintentional, sorry. Thanks for catching it.
Group: mozilla-employee-confidential
Still an issue.
Priority: -- → P5
LGTM now
Status: NEW → RESOLVED
Closed: 11 years ago8 years ago
Resolution: --- → WORKSFORME
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.